cobaltstrike | dc319f290fc37fe481a492210041d3a6f9c15fb7d43399c89df4706d6e56740d

Analysis

max time kernel
140s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 16:33

Target

dc319f290fc37fe481a492210041d3a6f9c15fb7d43399c89df4706d6e56740d.exe
Size

2.2MB
MD5

c1da3346e8920eb2a51f53f4a5503ad3
SHA1

7d0d6318ac7572994d3d3852edf03f725eb4b7d3
SHA256

dc319f290fc37fe481a492210041d3a6f9c15fb7d43399c89df4706d6e56740d
SHA512

cd286a28d4129b8d825654bf078cb61bcd4b00890f9c92beffdd82a714dd66d5377040488d0403d637004ee14a3b465a7cbc555eebb3acb867ab9f455f96f397
SSDEEP

24576:ubNUM8f14ku21EoLpfTS6EKGGA8po759FPNrbpMtqyAxQX06rmzqqgTJK19xC4Tq:0uM8I21WNGAYo759NpbekWXmzqkE4TJ

Score

10^/10

Family

cobaltstrike

Botnet

http://47.100.59.47:8081/pixel

Attributes

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike

C:\Users\Admin\AppData\Local\Temp\dc319f290fc37fe481a492210041d3a6f9c15fb7d43399c89df4706d6e56740d.exe
"C:\Users\Admin\AppData\Local\Temp\dc319f290fc37fe481a492210041d3a6f9c15fb7d43399c89df4706d6e56740d.exe"
1⤵
PID:2108

memory/2108-1-0x0000000000A70000-0x0000000000ABD000-memory.dmp

Filesize
308KB

Download
memory/2108-0-0x0000000000410000-0x0000000000450000-memory.dmp

Filesize
256KB

Download
memory/2108-2-0x0000000000A70000-0x0000000000ABD000-memory.dmp

Filesize
308KB

Download
memory/2108-3-0x0000000000D20000-0x0000000000F99000-memory.dmp

Filesize
2.5MB

Download